In a Nutshell: For just about as long as we’ve been communicating information, people have been using encryption techniques to protect that information from unwanted parties. Now, with our growing dependence on digital technology, our information is under constant risk of theft and manipulation — especially in the financial sectors. Encryption, which can render stolen data unusable, has become one of the most effective tools to fight data theft, and for more than 35,000 businesses the best encryption tool is the Smartcrypt platform from PKWARE. Composed of four elements working in concert, including a customizable SDK, Smartcrypt technology encrypts sensitive financial information at the data level, offering a flexible security solution. While network breaches and hacks are becoming increasingly inevitable, making stolen information useless — and unprofitable — through Smartcrypt data encryption can help protect both businesses and consumers.
The first time I came across the idea of data encryption was in an advertisement from the back of a magazine. The product? A super secret decoder ring. The “latest in high-tech spy equipment,” the ring contained an alphanumeric cipher (A=1, B=2, etc.) that would enable me to conduct top-secret communications with any of my fellow spies (i.e., my cousins).
In our modern world, most of us use encryption technology every day. We all live in a technological environment in which data has become the hottest commodity, making encryption not just a good idea, but a necessary part of digital life. Whether you are using a screen name and password to login to an online account, or simply making a credit card transaction at your local supermarket, your information is being protected by encryption technology.
“When you think about how the threats have changed, over time — folks are no longer committing these breaches just to knock services offline, or to knock out their competitors,” explained Matt Little, VP of Product Development for data encryption company, PKWARE. “They’re not doing it for the laughs — they’re doing it to monetize the information. Especially in the payment card industry.”
A 2015 survey by the Duke University/CFO Magazine Global Business Outlook revealed that more than 80% of U.S. companies had their systems successfully breached by those looking to steal or change private data. In addition, more than 85% of firms in Asia, Europe, Africa, and Latin America also reported experiencing data hacks.
“If you think about the anatomy of a breach, there are three stages,” Matt described. “First, someone has to get in. Then, they have to access the information. Finally, they have to get the information back out. For 90% of the industry, 90% of the spend is focused on keeping people from getting in.”
While Matt said he recognizes the logic behind the standard approach, he argues that it just isn’t a realistic method anymore. The odds indicate any given network is going to be breached at some point.
“The reality now is, we have to acknowledge that the perimeter is dead. They are going to come in,” he said. “That’s why PKWARE focuses solely on the second step. We acknowledge that they’re going to come in and that they’re going to get the information out. What we do is ensure that once they’ve done that, what they’ve stolen is inaccessible. It’s all encrypted — they can’t read it, they can’t use it, and they can’t monetize it.”
The 4 Components of the Smartcrypt Data Security Solution
So, how do you battle data breaches when the odds say they’re becoming inevitable? You plan on being hacked and develop your defenses accordingly. Castles don’t fall when enemies cross the moat — the raiders have to get past the walls, too.
“You need to take a layered approach to data security,” said Matt. “You need to create multiple layers because you must expect that several layers of your security will fail. For instance, you need something for your network, something for your devices, and something for your data.”
For PKWARE, the most important weapon against the inevitable data breach is data encryption, which can essentially remove the prize by rendering any stolen data useless to the thieves. Their latest encryption product, the Smartcrypt platform, combines four encryption components into a flexible data security solution.
1. The Application that Encrypts and Decrypts Protected Data
At the heart of the platform is the application, which does a lot of the heavy lifting. The application can be installed on end user devices and desktops — anything that will need to create or access secure data.
“The Smartcrypt application is the end-to-end encryption application,” explained Matt. “It gets installed at every endpoint and on every server. The application encrypts the data as it is being captured, and only decrypts it when it’s being viewed on an authorized system.”
The application uses PKWARE’s Smartkey technology, which automatically processes encryption keys based on the security procedures established by the organization. Encryption keys can be automatically generated, synchronized, and exchanged without end-user interference.
2. The Manager that Gives Administrators Organization-Wide Control
The manager is the brain of the system. It’s from here that security administrators can set and manipulate organizational encryption and security procedures.
“The manager is the command and control server that enforces policy and deals with the exchange of the encryption keys,” Matt described. “Banks use digital certificates for their encryption keys; it’s a little stronger than a password, but it requires some orchestration when it comes to managing those keys. You may need to move them, or you may want to revoke them when they’re lost or stolen. You can also use them to digitally shred information once it has left the environment.”
In addition, the advanced reporting capabilities of the manager allow security administrators to see the full range of encryption activity across the organization. They can monitor what is being encrypted, who can access it, and where the data has traveled.
3. The SDK that Provides a Simple Interface for Developers
While the Smartcrypt application offers users an all-inclusive solution, not every business can, or wants to, operate using a third party application. Organizations with extensive in-house applications may prefer to integrate using a software development kit (SDK).
“It’s very popular for financial services to write a lot of their own applications,” said Matt.
“We offer a software development kit that allows any organization to embed our data protection technology directly into their application — so you don’t even know we’re there at all.”
By implementing the software kit, organizations can limit the distance data must travel before it reaches the encryption stage; a shorter path equals less chance of exposure.
“Once you start taking security really seriously, you realize that if you can embed the encryption directly into your own application, and move it closer to where information is being captured — that’s your best chance of keeping it completely protected.”
4. The Transparent Data Encryption that Protects Information at Rest
The Smartcrypt platform is not limited to protecting data in transition, however. The transparent data encryption (TDE) that makes up the fourth Smartcrypt component protects the information at rest on enterprise servers.
According to the site, “TDE enables companies to easily protect their sensitive information by encrypting the database, associated backups, and transaction log files at rest, preventing attackers from bypassing the database and accessing the data from storage.”
In addition, TDE requires no changes to the existing application code or configuration, helping organizations maintain compliance.
“With Smartcrypt TDE, PKWARE is strengthening customer security while meeting demand for encryption at the file level,” said Matt. “Network- and device-centered security efforts leave security gaps that often go undetected. Now, it is even easier for organizations to encrypt their data and eliminate the value of stolen or leaked information from unauthorized users.”
PKWARE’s Natural Progression from Data Compression to Data Encryption
While PKWARE’s current focus may be the Smartcrypt encryption platform, the company actually began three decades ago with something a little different. Have you ever “unzipped” a compressed file? You have PKWARE to thank.
“We originally started out in data compression,” Matt explained. “PKWARE invented the .ZIP file format; that was the company’s early claim to fame.” PKWARE still offers their industry-leading PKZIP compression software, which can improve system performance by reducing total file size up to 95%.
The company entered the encryption space 15 years ago after seeing a natural connection between compression and encryption. Their SecureZIP product is the marriage of those two passions, combining PKWARE’s compression software with secure encryption. The end-to-end comprehension of Smartcrypt, however, is PKWARE tackling encryption at the next level.
“Encryption has been around for a long time,” said Matt. “And, in that time, every chief information security officer in the world has had a bad experience with encryption at some point. PKWARE, and other vendors like us, have been working very hard to make our solutions easier to use, consume, and manage.”
Data security and encryption have become increasingly popular markets, with the space exploding in the last few years as consumers grow more aware of the importance of protecting information. From their unique position in the market, PKWARE was already diving into the modern problems with their own solutions. One of the largest problems they found was in functionality.
“I think one of the biggest things is cross-platform performance,” said Matt. “Financial services are built on 70 years of legacy systems — banks grow through acquisitions. They have a lot of different environments they have to deal with. What you find is, when it comes to protecting data across all of those environments, you have to pick a bunch of different solutions. Many of these data protection technologies are cobbled together from three or four different vendors, with maybe some open source sprinkled in, and some internal custom development and scripting.”
The complexity of the systems supporting these major organizations can present any number of problems, not the least of which is a security concern. Every time you manipulate the data, you put it at risk.
“We feel very strongly that data is put at risk whenever you have to translate it from one environment to the next,” Matt explained. “That’s why it was very important to us that we build an encryption product that runs everywhere. PKWARE being around as long as we have — we’ve built a native application on all of those operating systems. We run on IBM z, IBM i, UNIX, Linux, Windows, Mac, iOS… Any enterprise operating system you can list, we can run on, all with the same application.”
From .ZIP Files to Protecting the World’s Data
While the simple substitution cipher of my childhood decoder ring was hardly the cutting edge of cryptography, it was more than enough to flummox my cousin (and foil his attempts at snooping through my correspondence). That said, I’m glad there are more advanced systems standing between the digital thieves and my credit card information — like Smartcrypt and PKWARE.
“You can go buy credit cards on the black market right now,” described Matt. “Services have evolved significantly — you can even order them; you get to pick what the image is on the stack of fake credit cards you’re ordering. PKWARE helps financial institutions encrypt cardholder data, so it can’t be sold and profited on. I spend most of my days thinking about what threats are coming next, and how PKWARE can help defeat them.”
Editorial Note: Opinions expressed here are the author's alone, not those of any bank, credit card issuer, airline or hotel chain, and have not been reviewed, approved or otherwise endorsed by any of these entities.